|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris Administration: Security Services Oracle Solaris 11 Information Library|
During system configuration, you preselect which classes of audit records to monitor. You can also fine-tune the degree of auditing that is done for individual users. The following figure shows details of the flow of auditing in Oracle Solaris.
Figure 26-1 The Flow of Auditing
The audit_binfile plugin places binary audit records in the /var/audit file system. Post-selection tools enable you to examine interesting parts of the audit trail.
The audit_remote plugin sends binary audit records across a protected link to a remote repository.
The audit_syslog plugin sends text summaries of audit records to the syslog utility.
Systems that install non-global zones can audit all zones identically from the global zone. These systems can also be configured to collect different records in the non-global zones. For more information, see Auditing and Oracle Solaris Zones.